Rediscovering Tcpdump

written by Christian Schell

This week I rediscovered tcpdump. Like Wireshark, this command displays your network traffic. Unlike Wireshark, it’s a shell command and is therefore a more convenient choice for server admins who rely on ssh.

The easiest way to use tcpdump is to just run sudo tcpdump from your terminal. Depending on your current traffic it will flood your screen with a line for every packet going out or coming in.

To see the contents of those packets printed as ASCII you can use -A, combined with a filter expression so that only the traffic you care about is shown:

sudo tcpdump -A port 25 or port 587

This will show you what’s going on when you send an e-mail from your local machine.
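As an added example that is not part of the original post, the Python script below builds a small constructed capture (three TCP packets with made-up addresses and payloads) and re-implements what tcpdump -A with the filter port 25 or port 587 would show for it: the port filter plus the ASCII rendering of each TCP payload. It makes the point of the post concrete: on unencrypted SMTP, the commands you type are readable by anyone who can sniff the wire.

```python
import struct
def build_tcp_frame(src_ip, dst_ip, sport, dport, payload):
    """Ethernet/IPv4/TCP frame with zeroed MACs and checksums (enough to dissect, not to send)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    src, dst = (bytes(map(int, a.split("."))) for a in (src_ip, dst_ip))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst)
    return b"\x00" * 12 + struct.pack("!H", 0x0800) + ip + tcp

def build_pcap(frames):
    """Classic little-endian libpcap file: 24-byte global header, 16-byte record header per frame."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample capture: a submission on 587, an HTTP request (must be filtered out), a banner from 25.
SAMPLE_PCAP = build_pcap([
    build_tcp_frame("10.0.0.5", "192.0.2.10", 52000, 587, b"EHLO mail.example.test\r\n"),
    build_tcp_frame("10.0.0.5", "192.0.2.20", 52001, 80, b"GET / HTTP/1.1\r\n\r\n"),
    build_tcp_frame("192.0.2.10", "10.0.0.5", 25, 52002, b"220 smtp.example.test ESMTP\r\n"),
])

def iter_pcap(data):
    """Yield raw frames from little-endian pcap bytes (the only byte order build_pcap emits)."""
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len

def dissect_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport, payload) for IPv4/TCP frames, else None."""
    if struct.unpack_from("!H", frame, 12)[0] != 0x0800 or frame[14 + 9] != 6:
        return None
    total_len = struct.unpack_from("!H", frame, 16)[0]  # trims Ethernet padding off short frames
    src, dst = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
    tcp = 14 + (frame[14] & 0x0F) * 4                   # IP options, if any, shift the TCP header
    sport, dport, _seq, _ack, hdr = struct.unpack_from("!HHIIB", frame, tcp)
    return src, dst, sport, dport, frame[tcp + (hdr >> 4) * 4:14 + total_len]

def ascii_dump(pcap_bytes, ports=(25, 587)):
    """Emulate `tcpdump -A 'port 25 or port 587'`: keep frames touching a listed port, render payload as ASCII."""
    lines = []
    for frame in iter_pcap(pcap_bytes):
        d = dissect_tcp(frame)
        if d and {d[2], d[3]} & set(ports):
            text = "".join(chr(b) if 32 <= b < 127 else "." for b in d[4].rstrip(b"\r\n"))
            lines.append(f"{d[0]}.{d[2]} > {d[1]}.{d[3]}: {text}")
    return lines
```

To compare against the real tool, write SAMPLE_PCAP to a file and read it back with sudo tcpdump -A -r capture.pcap port 25 or port 587.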